(加密 + 签名,保证私钥的安全)
1 给debian8加密(再IDEA加密)并签名一份“我的私钥”
opensuse13:~ #
opensuse13:~ #
opensuse13:~ # gpg -r "debian8" -o FranklinYang.rsa.sec.key.sign.debian8.asc -a --se --cipher-algo IDEA FranklinYang.rsa.sec.key
You need a passphrase to unlock the secret key for
user: "FranklinYang (Encrypt RSA 4096) <andypeker@163.com>"
4096-bit RSA key, ID 276856F7, created 2016-11-25
gpg: IDEA encryption will be used
opensuse13:~ #
或者:
opensuse13:~ #
opensuse13:~ #
opensuse13:~ # gpg -a -r "debian8new" -u "FranklinYang" -o FranklinYang.sec.key.3des.sig.asc -se --cipher-algo 3DES FranklinYang.sec.key
You need a passphrase to unlock the secret key for
user: "FranklinYang (Encrypt RSA 4096) <andypeker@163.com>"
4096-bit RSA key, ID 276856F7, created 2016-11-25
gpg: CD540DDF: There is no assurance this key belongs to the named user
pub 2048R/CD540DDF 2016-11-26 debian8new
Primary key fingerprint: 8C29 6680 CD0F 8137 CC4E 77C9 9CF8 559D FE76 1741
Subkey fingerprint: 10DD BA9B BB81 15FE 7196 2F70 0036 4591 CD54 0DDF
It is NOT certain that the key belongs to the person named
in the user ID. If you *really* know what you are doing,
you may answer the next question with yes.
Use this key anyway? (y/N) y
opensuse13:~ #
opensuse13:~ #
opensuse13:~ #
opensuse13:~ # l FranklinYang.rsa.sec.key.sign.debian8.asc
-rw-r--r-- 1 root root 6352 Nov 26 00:40 FranklinYang.rsa.sec.key.sign.debian8.asc
opensuse13:~ #
opensuse13:~ #
opensuse13:~ # l FranklinYang.sec.key.3des.sig.asc
-rw-r--r-- 1 root root 7924 Nov 27 01:10 FranklinYang.sec.key.3des.sig.asc
opensuse13:~ #
opensuse13:~ #
opensuse13:~ #
opensuse13:~ # scp FranklinYang.rsa.sec.key.sign.debian8.asc franklin@192.168.19.132:/home/franklin/
franklin@192.168.19.132's password:
FranklinYang.rsa.sec.key.sign.debian8.asc 100% 6352 6.2KB/s 00:00
opensuse13:~ #
opensuse13:~ #
opensuse13:~ # scp FranklinYang.sec.key.3des.sig.asc franklin@debian8:/home/franklin/
franklin@debian8's password:
FranklinYang.sec.key.3des.sig.asc 100% 7924 7.7KB/s 00:00
opensuse13:~ #
opensuse13:~ #
2 给centos7加密并签名一份“我的私钥”
opensuse13:~ #
opensuse13:~ #
opensuse13:~ # gpg -u "FranklinYang" -r "centos7" -o FranklinYang.rsa.sec.key.sign.centos7.asc -a --sign -e FranklinYang.rsa.sec.key
You need a passphrase to unlock the secret key for
user: "FranklinYang (Encrypt RSA 4096) <andypeker@163.com>"
4096-bit RSA key, ID 276856F7, created 2016-11-25
gpg: CDA873F4: There is no assurance this key belongs to the named user
pub 2048g/CDA873F4 2016-11-25 centos7
Primary key fingerprint: EEB2 90CA E690 2DD5 2480 FA72 9E1B 26EB 28D4 14A1
Subkey fingerprint: 8997 4D45 4AB8 6F48 B0B6 322B B982 87D3 CDA8 73F4
It is NOT certain that the key belongs to the person named
in the user ID. If you *really* know what you are doing,
you may answer the next question with yes.
Use this key anyway? (y/N) y
opensuse13:~ #
opensuse13:~ #
opensuse13:~ # l FranklinYang.rsa.sec.key.sign.centos7.asc
-rw-r--r-- 1 root root 6332 Nov 26 00:41 FranklinYang.rsa.sec.key.sign.centos7.asc
opensuse13:~ #
opensuse13:~ #
opensuse13:~ #
opensuse13:~ # scp FranklinYang.rsa.sec.key.sign.centos7.asc franklin@192.168.19.150:/home/franklin/
franklin@192.168.19.150's password:
FranklinYang.rsa.sec.key.sign.centos7.asc 100% 6332 6.2KB/s 00:00
opensuse13:~ #
opensuse13:~ #
opensuse13:~ #
或者:
opensuse13:~ #
opensuse13:~ #
opensuse13:~ #
opensuse13:~ # gpg -a -r "centos7new" -u "FranklinYang" -o FranklinYang.sec.key.2centos7.3des.sig.asc -se --cipher-algo 3DES FranklinYang.sec.key
You need a passphrase to unlock the secret key for
user: "FranklinYang (Encrypt RSA 4096) <andypeker@163.com>"
4096-bit RSA key, ID 276856F7, created 2016-11-25
gpg: 903BE0F0: There is no assurance this key belongs to the named user
pub 2048R/903BE0F0 2016-11-26 centos7new
Primary key fingerprint: 7486 046A AAD2 00FF A177 126F 6AF6 D5FC F9F5 A616
Subkey fingerprint: 88DE 838A 874E CE34 9348 B9F6 A4D1 0BC6 903B E0F0
It is NOT certain that the key belongs to the person named
in the user ID. If you *really* know what you are doing,
you may answer the next question with yes.
Use this key anyway? (y/N) y
opensuse13:~ #
opensuse13:~ #
opensuse13:~ #
opensuse13:~ # scp FranklinYang.sec.key.2centos7.3des.sig.asc franklin@centos7:/home/franklin/
franklin@centos7's password:
FranklinYang.sec.key.2centos7.3des.sig.asc 100% 7924 7.7KB/s 00:00
opensuse13:~ #
opensuse13:~ #
3 在其他电脑上,解密“我的私钥”并验证签名
root@debian8:~#
root@debian8:~#
root@debian8:~# gpg -d FranklinYang.rsa.sec.key.sign.debian8.asc
gpg: IDEA encrypted data
gpg: encrypted with 1 passphrase
-----BEGIN PGP PRIVATE KEY BLOCK-----
Version: GnuPG v2
lQIVBFg4PyYBEACTNyE3hnLtqHcGLQrjhh56yLtWiWJMxTeh26Xy378quxoGaLzC
JW9iOAq2AT67jdhYF6Lx7YE0YN1mPmzNhb8okhNdrP/wMxYHQB5mhxEeyLfPI6xG
HJ0gnDoHATmXteLTiWSxkPq这可是我的私钥啊。。。mgvJz+wi3ivtQmvP8Xzt79GX2mrE491Vr3KZV
B02cBO/Gdwimnnpsbm4aR+mpTRahQf6DlC3mO/c5+42NDFYgY0zX7haMLpLwc/Gn
dUDUdNvgFFWX9IhtnLf1VRFU0borjtBLaezDN5LaUYEkIK0UxRAOQRi6EDb//5Ar
uM/gOyZe0VK8cl9YFc1IZ2这可是我的私钥啊。。。R00Ugu7BsFCyhU5L9Y2t/BVOscghc1GACPFzS1+x
GKu7T7wvkN2ETTBXaMdAJsOh17IXInO9baYnQA4qEK1pYWzAK7bV0FkZ/wARAQAB
/gNlAkdOVQG0M0ZyYW5rbGluWWFuZyAoRW5jcnlwdCBSU0EgNDA5NikgPGFuZHlw
ZWtlckAxNjMuY29tPokCPwQTAQIAKQUCWDg/JgIbAwUJAMXBAAcLCQgHAwIBBhUI
AgkKCwQWAgMBAh4BA这可是我的私钥啊。。。Kf7uxj8bhzjqGb5bR6DmTuMmDmR6mQVu3BsGGeo
7xBTr7ygKArXTvEgm1EKjIeRcnueiw9Gwga8nSTL3VdpYFmNQWJaXDIH45J+TEX5
+P5H9b156eSJtk4PB1NNoGDjQvZep9KcQ5dqzrFXN8ft5wNg3Fg7My7hPzR7Dv/s
Qem1pfMxIpD5N/CBI5aVLvjcsfpb4TtJyOyblbIZsWXy0pQ4yXU1hI9zFthd2aLP
g7x28u3gRepFCCrsPfyYVzP2rXDIYN3kuKnvgtFHkl7fz1k9gIcU57HnbK0ATa70
HjykdE/DXQ4iQS6fnCxrnQc+BFg4PyYBEAC6ZGlyxWoTngc1pxLhp8z3BbFhas/5
eXPP7dLNP1OU0h/Yr4Ln2fdrAB/jetRmfUEuvO6D7NwFcclzzToUFaFbKMf7ZxP4
npzslUAvD3SIcWDJIkLXTxqkZDNPyUl+gSAHTDta3WSmT41AXiUBW4N1raGC1RmB
QiPpWhesFyWFOuCH1pw/0i21OxHZFNypnSRSqYd8oagIijXdCgD7/EZdAV8IKhjP
bLqmFnLfEiwy4rMzsxkghf/OtIcrt73TFhuXCgnnla8ukAhh7giEoO8AfBvyyakS
7XTPjGZokeF7ak/xeYrPptNm这可是我的私钥啊。。。wUNX96JKgb5bhpg1kp9qQGV4XeWgNahtTYkw
wUdCgwiu5S7zSQARAQAB/gMDAr27jk6nvmsq7nl6KrCV6q1KnBs5b0ozYMnUoZpm
mEhqFQ0AVCDxYOkSnTgHIPQRi9tPUnATuK//iqoBjTwQ1ufbg85OdnY57Gq4aVT0
IJsZcwgcGeWZf0gRN7DBxf2kVl8HhC+FyQ14+lDHN0OrxMKYttH1xpA50qnV9qUr
+fcae+nNSm1D9KyYRRGARByg/aGpCDr8ed27YY6ZtQYd+v2Xwm/PByl7o2VER4Sb
iGnw5Ezti4VWptWCuVLqFAem2fhAH94T2TjoWzO1Ar9/mh698bKOXqnPIm8MB5L2
DD6x/5uFinU9tXDaluOZL4S1OP6kcsheF19Jf01GNLLFV8VCdhR2jtqT3bom1T8B
uxAFt4GjKDf1OEUfiK58nuUS/B3Ud7SpSJ4jIgcQ9nq6s46TtLs93hPKLp0gPy9D
DSLYhoJtFd6TZ9QRD08QR52QKd3rm50maqXQC9s0zhsOcvIut0Ze3yxlQp04tg0G
BSbRv8AB7TtPWWft1YKz065w2BLnCWUqc2WxHXRWIcir+vmtAGKdkHFqRpbNABAf
/Ikfc8jGyf+LtuoDTmyCRG7Z这可是我的私钥啊。。。d2qvWUG23dQcHwXCMfb0H9St5+XgG108+MDm
tEovoMxl1B+vRb2VZh2rcRC7Lvo6r9Mbs7buOunBJQfqxC3y0AxHL5c6vHX6+7b3
fMIfI9L/jS2SC1+r888T4Hy4D2RyrB9kemsDFY7sM9ktq3aaXTUJLNPRdPyieOtx
N024vLR8llBVa3Joz29XBwhaGYViL01APQBDrVFsG/ziezxhgKiLFTAV6GQm2wdO
QpYTkQgbLEHYMk7CHpgfucCAIMEEI/m1ATmaEzcMQhEQoNiZ2mGjhlgXZBJwuSAg
4t3hh8jbsdFb2OCMbKzyib8pTQQ6H3cdQfEHV65ZSyj53L4XWonFLauxnwJVRRcj
PXTna3BzUqJvWkLz5pvDN/JP8这可是我的私钥啊。。。tob7lWFow5vc3U3AcS4m9bSFaLwkkfNn78
rd6XYC6EqZmzY2uTv4gbBSvl9slW+bmsuEjHWHy12dagdok8JsxufJZcbaDblP78
iQIlBBgBAgAPBQJYOD8mAhsMBQkAxcEAAAoJEI2keVQnaFb3NKIP/jCs07cOx7Zs
bhO30vzpb1P3kaMzWHIVNN3H+HyGQaaUfF49J66TWQ5x8GKCVraqR14FBqHIJEh3
NkhgkdOMlFJQDbdpAfJoSAlNzc9aAoGZyHC9pp4MvEmUZx0GahkMSeVeGzy8m/JQ
wGNcJT3aidKkz0DPg8ifbw1u4gFKIJlQ/6QSodWdwoeqnbhNFWxHNuQEzXkLSkuv
SwaVduHihCBWWxB39QxPrZeMSITRcLzc9Rm03GiSFN1ZZxrxDK/l+MZ5G1F55M0n
lOloSXFsiakakH27YiYfN4fjQF这可是我的私钥啊。。。qMQ2NGaSbvwqwKVNvOnHzCz40DTW6QFG2ZHO
3JJjrZfiVQ1oSLXMoqdKSNZl7/zvJeAmvYwlGaUFkIXXnz1zb8CUi3wRf2m89a0N
gL7VWBk9rQp6BSGsjyz8kiRb8L7qDRUBXFjENLUcsFyk/JOX74iI5v6fLR68hhau
twdlKbl1A24wKX8AMFyPCVwacJ6n6/nVl/M/io/OOX04rZ76nyxDkslKNhSpt9Dy
hx2mlzBWcDbBoEtzl0evQdhWOkKCuaYCsUa80uaKzddBqg9Guw7Lc+3xRkKqWanM
MWDQVE/2iHdfZdGPSt1+U5fvNn2xP648
=p/mc
-----END PGP PRIVATE KEY BLOCK-----
gpg: Signature made Sat 26 Nov 2016 12:40:21 AM CST using RSA key ID 276856F7
gpg: Good signature from "FranklinYang (Encrypt RSA 4096) <andypeker@163.com>"
gpg: WARNING: message was not integrity protected
root@debian8:~#
或者:
root@debian8:~#
root@debian8:~#
root@debian8:~# gpg -o FranklinYang.sec.key -d FranklinYang.sec.key.3des.sig.asc
You need a passphrase to unlock the secret key for
user: "debian8new"
2048-bit RSA key, ID CD540DDF, created 2016-11-26 (main key ID FE761741)
gpg: encrypted with 2048-bit RSA key, ID CD540DDF, created 2016-11-26
"debian8new"
gpg: Signature made Mon 28 Nov 2016 11:10:43 PM CST using RSA key ID 276856F7
gpg: Good signature from "FranklinYang (Encrypt RSA 4096) <andypeker@163.com>"
root@debian8:~#
root@debian8:~#
root@debian8:~#
[root@centos7 ~]#
[root@centos7 ~]#
[root@centos7 ~]# gpg -d FranklinYang.rsa.sec.key.sign.centos7.asc
You need a passphrase to unlock the secret key for
user: "centos7"
2048-bit ELG key, ID CDA873F4, created 2016-11-25 (main key ID 28D414A1)
gpg: encrypted with 2048-bit ELG key, ID CDA873F4, created 2016-11-25
"centos7"
-----BEGIN PGP PRIVATE KEY BLOCK-----
Version: GnuPG v2
lQIVBFg4PyYBEACTNyE3hnLtqHcGLQrjhh56yLtWiWJMxTeh26Xy378quxoGaLzC
JW9iOAq2AT67jdhYF6Lx7YE0YN1mPmzNhb8okhNdrP/wMxYHQB5mhxEeyLfPI6xG
HJ0gnDoHATmXteLTiWSxkPq这可是我的私钥啊。。。6mgvJz+wi3ivtQmvP8Xzt79GX2mrE491Vr3KZV
B02cBO/Gdwimnnpsbm4aR+mpTRahQf6DlC3mO/c5+42NDFYgY0zX7haMLpLwc/Gn
dUDUdNvgFFWX9IhtnLf1VRFU0borjtBLaezDN5LaUYEkIK0UxRAOQRi6EDb//5Ar
uM/gOyZe0VK8cl9YFc1IZ28RhkwrMMYnJR7Lj/O6k+vGQsbJcXp9xtnIudX/pJpk
TlweT7P0mCLBc5hxnYPYG2VYLuKlKNPiT0LaIJ+Z5uwH+Suzz7Llzk6mtAJ2eCJL
9FkFA561Ru+fWmbE9ESDsG这可是我的私钥啊。。。QnaFb3gB4P/0xNe8XZ1SdwlpRk0jShtaLg
JbstppuCERyk7sKL2jC/jfrXCNpk2gfDifjaMJTVVbTl2Miyv/nnXzyf2vyLJsks
f94n7+jbIJzwNwFU4DubNgr7NkKBB9bK7Iw+D8d7PzH7VTg9f0Sqnddw2so030xS
+w9XV1NzHtfbgotBlOIxZMe3CN0P8xDVCuva4J/H0Pto7n3/ziB0vHybXVm06C3d
OszafLr6dIhZS6kDjFV9rL/Zhtd766/6UTW/E13mrMlyEE3CqNJKvPb+m1hKG0jU
FrmSyP4FvarTQUqw+mcDNWGRfCcgYORHZrOl4S7g/ZepE+XFoVz0cL87k8FQ1Qvm
nG7qes+2MJ0ek这可是我的私钥啊。。。i21OxHZFNypnSRSqYd8oagIijXdCgD7/EZdAV8IKhjP
bLqmFnLfEiwy4rMzsxkghf/OtIcrt73TFhuXCgnnla8ukAhh7giEoO8AfBvyyakS
7XTPjGZokeF7ak/xeYrPptNma1yESvLK5aoxxwjtgx3vg9P0dFhTFG6eTUrDOanb
vmU2drRqu12K3p9T6Q5mzUzsUuHjfPpu50wZ8PEs2LyoZwNDjEXzFdBTxIH3wq7K
HxrfsNrdXF5E8gOas3XxU这可是我的私钥啊。。。tPUnATuK//iqoBjTwQ1ufbg85OdnY57Gq4aVT0
IJsZcwgcGeWZf0gRN7DBxf2kVl8HhC+FyQ14+lDHN0OrxMKYttH1xpA50qnV9qUr
+fcae+nNSm1D9KyYRRGARByg/aGpCDr8ed27YY6ZtQYd+v2Xwm/PByl7o2VER4Sb
iGnw5Ezti4VWptWCuVLqFAem2fhAH94T2TjoWzO1Ar9/mh698bKOXqnPIm8MB5L2
DD6x/5uFinU9tXDaluOZL4S1OP6kcsheF19Jf01GNLLFV8VCdhR2jtqT3bom1T8B
uxAFt4GjKDf1OEUfiK58nuUS/B3Ud7SpSJ4jIgcQ9nq6s46TtLs93hPKLp0gPy9D
DSLYhoJtFd6TZ9QRD08QR这可是我的私钥啊。。。QIbG7VDtFMrPCk38mykgsAElMyTOHe/258uvpSr
BDATnqHdKE4fEFSquYfjDeEZtWF6XGS5XAe/xHXQPbElWHesaNx/miRe5nd4ySVl
h270DT5ALO11eGiKkiMD4SPEzrZX7QEstJdDjdFWHVfGVINMiVM9wwJ5+oKqlPD6
TAoBq5+clOcR0/3YxxJaGCun1wGj2CE9arLhrJfQbrW6UQB/FP+l8dcmh1a365Uc
rln1nKaVyeROap8VOQNWqR0FzhkXd2qvWUG23dQcHwXCMfb0H9St5+XgG108+MDm
tEovoMxl1B+vRb2VZh这可是我的私钥啊。。。82/AjG9JWkXOmuBCx35lGGgDj0sqY49sb6c/npYZ
/3LJSI3rioane7qoz8HqzowaxON45glFYSCbXyV9asbRY+3UDRivvlr3abImCDGm
+BNEOZDrpA3U7kz5EvpVTQc0xjaqkO6679sDGvpYalXuruHOX84LyAGutroUk/WA
LW9WrBT7UGz4g4rG/dwN76OQIERo0o95qI7qQDTKam6cVjDSJJ2kiGgcE2LVHsGa
RXDv+DmSrBvOCU1E89yzzuJP/AFI04fkEmQgztnA0MoC//2Z6D9EUXV1qK89k4gs
fSLA6IB77cxHsEKcwTSHpKLaSWGxjOtob7lWFow5vc3U3AcS4m9bSFaLwkkfNn78
rd6XYC6EqZmzY2uTv4gb这可是我的私钥啊。。。9aAoGZyHC9pp4MvEmUZx0GahkMSeVeGzy8m/JQ
wGNcJT3aidKkz0DPg8ifbw1u4gFKIJlQ/6QSodWdwoeqnbhNFWxHNuQEzXkLSkuv
SwaVduHihCBWWxB39QxPrZeMSITRcLzc9Rm03GiSFN1ZZxrxDK/l+MZ5G1F55M0n
lOloSXFsiakakH27YiYfN4fjQFUCDKXRjT/Zpj4W2gGLwOHV7Vaq0DFpLypuC7u7
TIA0yVLX4X80rIuxXa3rdEv9Xb/nqMQ2NGaSbvwqwKVNvOnHzCz40DTW6QFG2ZHO
3JJjrZfiVQ1oSLXMoqdKSNZl这可是我的私钥啊。。。L7qDRUBXFjENLUcsFyk/JOX74iI5v6fLR68hhau
twdlKbl1A24wKX8AMFyPCVwacJ6n6/nVl/M/io/OOX04rZ76nyxDkslKNhSpt9Dy
hx2mlzBWcDbBoEtzl0evQdhWOkKCuaYCsUa80uaKzddBqg9Guw7Lc+3xRkKqWanM
MWDQVE/2iHdfZdGPSt1+U5fvNn2xP648
=p/mc
-----END PGP PRIVATE KEY BLOCK-----
gpg: Signature made Sat 26 Nov 2016 01:01:51 AM CST using RSA key ID 276856F7
gpg: Good signature from "FranklinYang (Encrypt RSA 4096) <andypeker@163.com>"
[root@centos7 ~]#
[root@centos7 ~]#
[root@centos7 ~]#
或者:
[root@centos7 ~]#
[root@centos7 ~]#
[root@centos7 ~]# gpg -o FranklinYang.sec.key -d FranklinYang.sec.key.2centos7.3des.sig.asc
You need a passphrase to unlock the secret key for
user: "centos7new"
2048-bit RSA key, ID 903BE0F0, created 2016-11-26 (main key ID F9F5A616)
gpg: encrypted with 2048-bit RSA key, ID 903BE0F0, created 2016-11-26
"centos7new"
gpg: Signature made Mon 28 Nov 2016 11:13:08 PM CST using RSA key ID 276856F7
gpg: Good signature from "FranklinYang (Encrypt RSA 4096) <andypeker@163.com>"
[root@centos7 ~]#
[root@centos7 ~]#
[root@centos7 ~]#
4 在其他电脑上,导入“我的私钥”
(同上)